From 9e7835f9ea67776c3dac0680f253887706524d3f Mon Sep 17 00:00:00 2001 From: Josip Ponjavic Date: Wed, 5 May 2021 14:25:49 +0200 Subject: [PATCH] 5.12.1-1 (clr 5.12.1-1038) --- .SRCINFO | 20 +- ...nd-CONFIG-to-disallow-unprivileged-C.patch | 33 ++-- PKGBUILD | 187 +++++++++--------- 3 files changed, 116 insertions(+), 124 deletions(-) diff --git a/.SRCINFO b/.SRCINFO index d1e1569..01f944a 100644 --- a/.SRCINFO +++ b/.SRCINFO @@ -1,6 +1,6 @@ pkgbase = linux-clear pkgdesc = Clear Linux - pkgver = 5.10.34 + pkgver = 5.12.1 pkgrel = 1 url = https://github.com/clearlinux-pkgs/linux arch = x86_64 @@ -12,22 +12,22 @@ pkgbase = linux-clear makedepends = libelf makedepends = xmlto options = !strip - source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.tar.xz - source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.tar.sign - source = https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-5.10.34.xz - source = clearlinux::git+https://github.com/clearlinux-pkgs/linux.git#tag=5.10.32-1035 - source = more-uarches-20210402.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/20210402.tar.gz + source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.12.tar.xz + source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.12.tar.sign + source = https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-5.12.1.xz + source = clearlinux::git+https://github.com/clearlinux-pkgs/linux.git#tag=5.12.1-1038 + source = more-uarches-20210412.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/20210412.tar.gz source = pci-enable-overrides-for-missing-acs-capabilities.patch source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - sha256sums = dcdf99e43e98330d925016985bfbc7b83c66d367b714b2de0cbbfcbf83d8ca43 + sha256sums = 7d0df6f2bf2384d68d0bd8e1fe3e071d64364dcdc6002e7b5c87c92d48fac366 sha256sums = SKIP - sha256sums = ca4e6b6f69a5ac75b0deebd67d1b1eb111ed6e874fe765b450ddaa7d97cd0c41 + sha256sums = d90692a8c4bc8d4ea20a21e30927ba4d01bc772c3ff537059303f01a0bfaa813 sha256sums = SKIP - sha256sums = 8aea0d8a9999b0510fa128d79af8a8dc94d25f0a193fd698ebfdf09808472d2e + sha256sums = f1f62b6d2cd89d0ab15f8d7311f5bb775dfc97ff39f93bc77f6f733f75fa7558 sha256sums = 2c98de0814366b041aeee4cbf82b82620c7834bc33752d50f089e8bd7ea5cf5e - sha256sums = 261574aeee09864929d44a5f9896ad2645fe4539d9ee8a86575bd19a07eed865 + sha256sums = f3eb1e857f60a96a0c8d4f25f55a64ddf4aa4b3a33e9fcc6886430cf4789cb1c pkgname = linux-clear pkgdesc = The Clear Linux kernel and modules diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index f1d303c..332aa50 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,7 +1,8 @@ -From 5a924ab983b82b3c5cba2b7abc90f8f38be41b6d Mon Sep 17 00:00:00 2001 +From 1ed48c405ba85328bae25d2f393700ba715a2f81 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER +Subject: [PATCH 1/2] ZEN: Add sysctl and CONFIG to disallow unprivileged + CLONE_NEWUSER Our default behavior continues to match the vanilla kernel. --- @@ -13,10 +14,10 @@ Our default behavior continues to match the vanilla kernel. 5 files changed, 53 insertions(+) diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index 6ef1c7109fc4..2140091b0b8d 100644 +index f6c5f784be5a..07d194f23587 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h -@@ -106,6 +106,8 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_type type); +@@ -108,6 +108,8 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_type type); #ifdef CONFIG_USER_NS @@ -25,7 +26,7 @@ index 6ef1c7109fc4..2140091b0b8d 100644 static inline struct user_namespace *get_user_ns(struct user_namespace *ns) { if (ns) -@@ -139,6 +141,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns); +@@ -141,6 +143,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns); struct ns_common *ns_get_owner(struct ns_common *ns); #else @@ -35,10 +36,10 @@ index 6ef1c7109fc4..2140091b0b8d 100644 { return &init_user_ns; diff --git a/init/Kconfig b/init/Kconfig -index 0498af567f70..078a0b73effd 100644 +index 5f5c776ef192..afd708ed0241 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1140,6 +1140,22 @@ config USER_NS +@@ -1177,6 +1177,22 @@ config USER_NS If unsure, say N. @@ -62,12 +63,12 @@ index 0498af567f70..078a0b73effd 100644 bool "PID Namespaces" default y diff --git a/kernel/fork.c b/kernel/fork.c -index efc5493203ae..90859b7531d3 100644 +index 426cd0c51f9e..e83a79860d58 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -96,6 +96,10 @@ - #include +@@ -97,6 +97,10 @@ #include + #include +#ifdef CONFIG_USER_NS +#include @@ -76,7 +77,7 @@ index efc5493203ae..90859b7531d3 100644 #include #include #include -@@ -1861,6 +1865,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1872,6 +1876,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -87,7 +88,7 @@ index efc5493203ae..90859b7531d3 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2961,6 +2969,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2971,6 +2979,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -101,7 +102,7 @@ index efc5493203ae..90859b7531d3 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index db1ce7af2563..9b73467e279d 100644 +index 62fbd09b5dc1..01192edd25f3 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -103,6 +103,9 @@ @@ -114,7 +115,7 @@ index db1ce7af2563..9b73467e279d 100644 #if defined(CONFIG_SYSCTL) -@@ -1882,6 +1885,15 @@ static struct ctl_table kern_table[] = { +@@ -1902,6 +1905,15 @@ static struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif @@ -131,7 +132,7 @@ index db1ce7af2563..9b73467e279d 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 87804e0371fe..66b5afb0d0ee 100644 +index 9a4b980d695b..4388ca13ea3f 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -21,6 +21,13 @@ @@ -149,5 +150,5 @@ index 87804e0371fe..66b5afb0d0ee 100644 static DEFINE_MUTEX(userns_state_mutex); -- -cgit v1.2.3-1-gf6bb5 +2.31.1 diff --git a/PKGBUILD b/PKGBUILD index fbe7c6d..f8f94cd 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -2,12 +2,21 @@ # Contributor: ### BUILD OPTIONS -# Set these variables to ANYTHING that is not null to enable them +# Set the next two variables to ANYTHING that is not null to enable them # Tweak kernel options prior to a build via nconfig _makenconfig= -_enable_gcc_more_v="y" +# Only compile active modules to VASTLY reduce the number of modules built and +# the build time. +# +# To keep track of which modules are needed for your specific system/hardware, +# give module_db a try: https://aur.archlinux.org/packages/modprobed-db +# This PKGBUILD reads the database kept if it exists +# +# More at this wiki page ---> https://wiki.archlinux.org/index.php/Modprobed-db +_localmodcfg= + # Optionally select a sub architecture by number or leave blank which will # require user interaction during the build. Note that the generic (default) # option is 32. @@ -48,16 +57,6 @@ _enable_gcc_more_v="y" # 34. AMD-Native optimizations autodetected by GCC (MNATIVE_AMD) _subarch=33 -# Only compile active modules to VASTLY reduce the number of modules built and -# the build time. -# -# To keep track of which modules are needed for your specific system/hardware, -# give module_db a try: https://aur.archlinux.org/packages/modprobed-db -# This PKGBUILD reads the database kept if it exists -# -# More at this wiki page ---> https://wiki.archlinux.org/index.php/Modprobed-db -_localmodcfg= - # Use the current kernel's .config file # Enabling this option will use the .config of the RUNNING kernel rather than # the ARCH defaults. Useful when the package gets updated and you already went @@ -67,10 +66,10 @@ _use_current= ### IMPORTANT: Do no edit below this line unless you know what you're doing -_major=5.10 -_minor=34 +_major=5.12 +_minor=1 _srcname=linux-${_major} -_clr=${_major}.32-1035 +_clr=${_major}.1-1038 pkgbase=linux-clear pkgver=${_major}.${_minor} pkgrel=1 @@ -80,7 +79,7 @@ url="https://github.com/clearlinux-pkgs/linux" license=('GPL2') makedepends=('bc' 'cpio' 'git' 'kmod' 'libelf' 'xmlto') options=('!strip') -_gcc_more_v='20210402' +_gcc_more_v='20210412' source=( "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_major}.tar.xz" "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-${_major}.tar.sign" @@ -99,20 +98,20 @@ prepare() { cd ${_srcname} ### Add upstream patches - echo "Add upstream patches" - patch -Np1 -i ../patch-${pkgver} + echo "Add upstream patches" + patch -Np1 -i ../patch-${pkgver} ### Setting version - echo "Setting version..." - scripts/setlocalversion --save-scmversion - echo "-$pkgrel" > localversion.10-pkgrel - echo "${pkgbase#linux}" > localversion.20-pkgname + echo "Setting version..." + scripts/setlocalversion --save-scmversion + echo "-$pkgrel" > localversion.10-pkgrel + echo "${pkgbase#linux}" > localversion.20-pkgname ### Add Clearlinux patches - for i in $(grep '^Patch' ${srcdir}/clearlinux/linux.spec | sed -n 's/.*: //p'); do + for i in $(grep '^Patch' ${srcdir}/clearlinux/linux.spec | grep -Ev '^Patch0112|^Patch0118|^Patch0121' | sed -n 's/.*: //p'); do echo "Applying patch ${i}..." patch -Np1 -i "$srcdir/clearlinux/${i}" - done + done local src for src in "${source[@]}"; do @@ -124,77 +123,72 @@ prepare() { done ### Setting config - echo "Setting config..." - cp -Tf $srcdir/clearlinux/config ./.config + echo "Setting config..." + cp -Tf $srcdir/clearlinux/config ./.config ### Enable extra stuff from arch kernel - echo "Enable extra stuff from arch kernel..." + echo "Enable extra stuff from arch kernel..." - # General setup - scripts/config --enable IKCONFIG \ - --enable-after IKCONFIG IKCONFIG_PROC \ - --undefine RT_GROUP_SCHED + # General setup + scripts/config --enable IKCONFIG \ + --enable-after IKCONFIG IKCONFIG_PROC \ + --undefine RT_GROUP_SCHED - # Power management and ACPI options - scripts/config --enable ACPI_REV_OVERRIDE_POSSIBLE \ - --enable ACPI_TABLE_UPGRADE + # Power management and ACPI options + scripts/config --enable ACPI_REV_OVERRIDE_POSSIBLE \ + --enable ACPI_TABLE_UPGRADE - # Enable loadable module support - scripts/config --undefine MODULE_SIG_FORCE \ - --enable MODULE_COMPRESS \ - --enable-after MODULE_COMPRESS MODULE_COMPRESS_XZ + # Enable loadable module support + scripts/config --undefine MODULE_SIG_FORCE \ + --enable MODULE_COMPRESS \ + --enable-after MODULE_COMPRESS MODULE_COMPRESS_XZ - # Networking support - scripts/config --enable NETFILTER_INGRESS + # Networking support + scripts/config --enable NETFILTER_INGRESS - # Device Drivers - scripts/config --enable FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER \ - --enable DELL_SMBIOS_SMM \ - --enable NET_VENDOR_AQUANTIA \ - --module PATA_JMICRON \ - --enable-after SOUND SOUND_OSS_CORE \ - --enable SND_OSSEMUL \ - --module-after SND_OSSEMUL SND_MIXER_OSS \ - --module-after SND_MIXER_OSS SND_PCM_OSS \ - --enable-after SND_PCM_OSS SND_PCM_OSS_PLUGINS \ - --module AGP --module-after AGP AGP_INTEL --module-after AGP_INTEL AGP_VIA + # Device Drivers + scripts/config --enable FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER \ + --enable DELL_SMBIOS_SMM \ + --enable NET_VENDOR_AQUANTIA \ + --module PATA_JMICRON \ + --enable-after SOUND SOUND_OSS_CORE \ + --enable SND_OSSEMUL \ + --module-after SND_OSSEMUL SND_MIXER_OSS \ + --module-after SND_MIXER_OSS SND_PCM_OSS \ + --enable-after SND_PCM_OSS SND_PCM_OSS_PLUGINS \ + --module AGP --module-after AGP AGP_INTEL --module-after AGP_INTEL AGP_VIA - # Kernel hacking -> Compile-time checks and compiler options -> Make section mismatch errors non-fatal - scripts/config --enable SECTION_MISMATCH_WARN_ONLY + # Kernel hacking -> Compile-time checks and compiler options -> Make section mismatch errors non-fatal + scripts/config --enable SECTION_MISMATCH_WARN_ONLY - # Security options - scripts/config --enable SECURITY_SELINUX \ - --enable-after SECURITY_SELINUX SECURITY_SELINUX_BOOTPARAM \ - --enable SECURITY_SMACK \ - --enable-after SECURITY_SMACK SECURITY_SMACK_BRINGUP \ - --enable-after SECURITY_SMACK_BRINGUP SECURITY_SMACK_NETFILTER \ - --enable-after SECURITY_SMACK_NETFILTER SECURITY_SMACK_APPEND_SIGNALS \ - --enable SECURITY_TOMOYO \ - --enable SECURITY_APPARMOR \ - --enable SECURITY_YAMA + # Security options + scripts/config --enable SECURITY_SELINUX \ + --enable-after SECURITY_SELINUX SECURITY_SELINUX_BOOTPARAM \ + --enable SECURITY_SMACK \ + --enable-after SECURITY_SMACK SECURITY_SMACK_BRINGUP \ + --enable-after SECURITY_SMACK_BRINGUP SECURITY_SMACK_NETFILTER \ + --enable-after SECURITY_SMACK_NETFILTER SECURITY_SMACK_APPEND_SIGNALS \ + --enable SECURITY_TOMOYO \ + --enable SECURITY_APPARMOR \ + --enable SECURITY_YAMA - # Library routines - scripts/config --enable FONT_TER16x32 + # Library routines + scripts/config --enable FONT_TER16x32 - make olddefconfig + make olddefconfig - ### Patch source to unlock additional gcc CPU optimizations - # https://github.com/graysky2/kernel_gcc_patch - if [ "${_enable_gcc_more_v}" = "y" ]; then - echo "Patching to enable GCC optimization for other uarchs..." - patch -Np1 -i "$srcdir/kernel_gcc_patch-$_gcc_more_v/more-uarches-for-kernel-5.8+.patch" - fi + # https://github.com/graysky2/kernel_gcc_patch + # make sure to apply after olddefconfig to allow the next section + echo "Patching to enable GCC optimization for other uarchs..." + patch -Np1 -i "$srcdir/kernel_gcc_patch-$_gcc_more_v/more-uarches-for-kernel-5.8+.patch" - ### Get kernel version - if [ "${_enable_gcc_more_v}" = "y" ] || [ -n "${_subarch}" ]; then + if [ -n "$_subarch" ]; then + # user wants a subarch so apply choice defined above interactively via 'yes' yes "$_subarch" | make oldconfig - else - make prepare - fi - - ### Prepared version - make -s kernelrelease > version - echo "Prepared $pkgbase version $(/dev/null + make -s kernelrelease > version + echo "Prepared $pkgbase version $(